b'            GAO Office of Inspector General\n                  Report Summary\nDate:      October 2, 2008\n\n\n\nTitle:     Independent Evaluation of GAO\xe2\x80\x99s Information Security Program and Practices \xe2\x80\x93\n           Fiscal Year 2008 (GAO/OIG-09-1)\n\n\n\nSummary:   The Office of Inspector General (OIG) performed an independent evaluation of\n           GAO\xe2\x80\x99s information security program and practices for fiscal year 2008 as\n           prescribed by the Federal Information Security Management Act of 2002\n           (FISMA). GAO is not obligated by law to comply with FISMA, but has adopted\n           the law\xe2\x80\x99s requirements to strengthen its information security program and\n           demonstrate its ongoing commitment to lead by example.\n           The OIG issued a sensitive report that found GAO had generally established an\n           information security program consistent with the requirements of FISMA and\n           guidance issued by the Office of Management and Budget and the National\n           Institute of Standards and Technology. However, the OIG identified several\n           requirements that were not fully implemented and made recommendations\n           accordingly to improve GAO\xe2\x80\x99s information security practices and its Privacy\n           Program. GAO management concurred with each of the report\xe2\x80\x99s\n           recommendations and is initiating corrective actions.\n\x0c'